Posted
by
Soulskill
on Sunday August 01, 2010 @10:19AM
from the snoop-on-the-cheap dept.

We previously discussed security researcher Chris Paget's plans to demonstrate practical cell phone interception at DefCon. Paget completed his talk yesterday, and reader suraj.sun points out coverage from Wired. Quoting:
"A security researcher created a $1,500 cell phone base station kit (including a laptop and two RF antennas) that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear. Most of the price is for the laptop he used to operate the system. The device tricks the phones into disabling encryption and records call details and content before they are routed on their proper way through voice-over-IP. The low-cost, home-brewed device ... mimics more expensive devices already used by intelligence and law enforcement agencies — called IMSI catchers — that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that's stronger than legitimate towers in the area. Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed. Even though the GSM spec requires it, this is a deliberate choice of the cell phone makers, Paget said."

So wait, law enforcement use a method to interception that would be compromised if that warning was displayed, and phone manufacturers fail to enable such a warning? Call my a conspiracy nut but perhaps they were asked not to include such a warning for exactly that reason. It wouldn't be the first time the government has asked private industry to make it easier to snoop.

Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed. Even though the GSM spec requires it, this is a deliberate choice on the cell phone makers, Paget said."

I am not sure I understand the above text. If it is the SIM card disabling the setting, why is this then labeled a deliberate choice by the cell phone makers?

Also I have seen at least on numerous Nokia mobile phones that an icon in the display notify you at least in some instances when encryption is disabled. (This happen quite frequently in e.g. China).

Here's the easiest way....have this guy not only publish his results, but his methods too. Put the plans up for free download so anyone can follow his plans and build such a device. When hundreds (or thousands) of these devices start popping up and people are getting spied on by their fellow citizens, there will be an outrage! (silly emphasis). After that, the manufacturers may start including the warnings.
Note: using one of these devices probably already violates various cyber-laws, so that threat wouldn't deter many if it's hard to be caught.

I can't even explain how common this thing is, and how many geeks are playing with it.

Try using a car analogy.

Why this guy felt like he had to take a credit for it is beyond me.

As clearly linked, Paget is demonstrating . This is the community equivalent of science journal peer review -- it's separating the facts from the FUD. This is Investigative Reporting, the third leg that Democracy stands on.

That is creditable, quite unlike "I can't even explain how common this thing is, and how many geeks are playing with it", which is as credible as any other sniggering teenager remark that's designed to say "I'm so cool and in the know, and you're so not."